A China-based threat actor, known for using Medusa ransomware, has been identified exploiting zero-day and N-day vulnerabilities to rapidly breach internet-facing systems. The actor's high operational tempo and expertise in identifying exposed perimeter assets have enabled it to successfully carry out "high-velocity" attacks. Zero-day exploits in particular let the actor capitalize on unpatched vulnerabilities, giving it a significant advantage in speed and stealth [1]. The actor's tactics have been linked to the deployment of Medusa ransomware, which can have devastating consequences for affected organizations. As the threat actor continues to evolve and refine its techniques, the window for patching vulnerabilities is rapidly closing. This underscores the importance of promptly assessing exposure to these threats, especially for organizations with potential ties to China. What matters most to practitioners is the need to immediately evaluate their systems' vulnerability to these exploits to prevent potential breaches.